Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1240
Views
0
Helpful
5
Replies

Problem to communicating FC Port Fastethernet (module:CISCO | IEM-3000-8SM=) to FW port 1g

emendoza11111
Level 1
Level 1

‎12-27-2018 09:26 AM - edited ‎03-08-2019 04:54 PM

 

Hey 

I need your help!!!

I have a switch Ethernet Industrial IE-3000-8TC-E and I try to connect to FC FastEthernet 10/100M to Firewall CheckPoint /1000M, but the communication fails; I connect the checkpoint firewall to another switch (Cisco Catalyst 2960) through to Transceiver to 1000M and worked correctly. 

The FW checkpoint 5200 is administered for another team, but they changed the speed auto to full 100M; already try for half and full duplex and update the software to the last release (ipservice to LanBase) to 100M in the port of the IE-3000, and failed; the firewall is located in India, and my Cisco switch is in Mexico. 

 

the module in the Cisco IE-3000 that I try to connect is Cisco | IEM-3000-8SM with 8 fiber ports, fast ethernet;

 

thank´s for your help

 

Regards 

Labels:
0 Helpful
5 Replies 5

Simon Darlington
Level 1
Level 1

‎12-27-2018 09:53 AM

Hi

To summarise then

- the Checkpoint firewall port is Gigabit ethernet capable, configured as speed 100.

- the IE-3000-8TC-E port is 10/100 capable. You have tried speed auto and 100, but are having issues.

 

It's not clear whether you are connecting using copper or fibre. As you mention duplex (which we'll ignore for the time being), I'm going to assume you are connecting on copper, possibly using an rj45 transceiver on your IEM-3000-8SM which you have also mentioned.

 

When you say communication fails, are you seeing no physical link coming up i.e. no link light? If so, when you connect the 2960 which works, at what speed does the 2960 port show if you do a show interface.

 

If the 100Mbps capable IE-3000-8TC-E port does not physically connect at speed 100, but your 2960 physically connects at Gig, this would suggest the Checkpoint speed is set to Gig and not 100. If the Checkpoint is hard set to Gig and your IE-3000-8TC-E is only 100M capable, then the link won't come up until the link speeds are aligned i.e. Checkpoint to 100M.

 

Hope this helps.

0 Helpful

emendoza11111
Level 1
Level 1
In response to Simon Darlington

‎12-27-2018 11:28 AM

Thank you for your time:

 

It's not clear whether you are connecting using copper or fibre. As you mention duplex (which we'll ignore for the time being), I'm going to assume you are connecting on copper, possibly using an rj45 transceiver on your IEM-3000-8SM which you have also mentioned.

 

AW:Is connected with fiber

 

 

When you say communication fails, are you seeing no physical link coming up i.e. no link light? If so, when you connect the 2960 which works, at what speed does the 2960 port show if you do a show interface.

 

 

This is the output of the switch catalyst 2960 with which 1000M was tested:

 

Switch#sh int giga1/0/25
GigabitEthernet1/0/25 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is b4a8.b95f.fd19 (bia b4a8.b95f.fd19)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseLX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     1132 packets output, 98755 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

the port is physically activated:  This is the output of the IE-3000 when connecting the fiber, and the port LED turns on.

FastEthernet3/1 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is b090.7e88.7813 (bia b090.7e88.7813)
  Description: FW_RED_IT_1
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 250/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseFX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 289386
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 17042971 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     35975 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     545431 packets output, 51161743 bytes, 0 underruns
     26 output errors, 2 collisions, 3 interface resets
     0 unknown protocol drops
     0 babbles, 2 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

 

 

Fa3/1     FW_RED_IT_1        connected    18           full    100 100BaseFX

 I show the remote FW whit the configurations:

 

Tests were unsuccessfully:

 

ula-mxcvc-fc-3m1a> show interface eth1-01

state on

mac-addr 00:1c:7f:6a:ab:4f

type ethernet

link-state link down

mtu 1500

auto-negotiation off

speed N/A

ipv6-autoconfig Not configured

duplex N/A

monitor-mode off

link-speed 100M/full

comments {Factory Interface}

ipv4-address 192.168.18.202/24

ipv6-address Not Configured

ipv6-local-link-address Not Configured

 

Statistics:

TX bytes:932 packets:22 errors:0 dropped:0 overruns:0 carrier:0

RX bytes:540 packets:9 errors:0 dropped:0 overruns:0 frame:0  

link state is still down

ula-mxcvc-fc-3m1b>  show interface eth1-01

state on

mac-addr 00:1c:7f:66:37:0b

type ethernet

link-state link down

mtu 1500

auto-negotiation off

speed N/A

ipv6-autoconfig Not configured

duplex N/A

monitor-mode off

link-speed 100M/full

comments {Factory Interface}

ipv4-address 192.168.18.203/24

ipv6-address Not Configured

ipv6-local-link-address Not Configured

 

Statistics:

TX bytes:138 packets:3 errors:0 dropped:0 overruns:0 carrier:0

RX bytes:0 packets:0 errors:0 dropped:0 overruns:0 frame:0

 

0 Helpful

Simon Darlington
Level 1
Level 1
In response to emendoza11111

‎12-28-2018 03:15 AM

No problem. Ok so fibre connection

 

successfully tested a 2960 at Gig with a 1000base LX SFP to the FW

unsuccessfully tested the IEM switch at 100 with a 100base FX SFP to the FW

 

The issue may be that you have two completely different transceivers and only the first is compatible with the far end firewall.

 

The 1000base LX SFP is a single mode transceiver designed to operate over long distances i.e. a few km.

the 100base FX is a multimode transceiver designed to operate over a few hundred metres i.e. within a building. In short, these are different media technologies that are not compatible.

 

Ensure you have compatible SFPs on the IEM and firewall. So one solution would be to swap the SFP in the IEC to a 1000 base LX, which would produce similar results to your 2960. If you are only connecting over a short distance you could connect with cheaper SX or FX transceivers but you would need to change the transceiver in the firewall to match.

 

The datasheet for the IEC listing compatible fibre tranceivers below.

 

Hope this helps. Please rate helpful posts. 

 

https://www.cisco.com/cdc_content_elements/docs/ie3000datasheet.pdf

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to emendoza11111

‎12-28-2018 04:12 AM

Hello,

 

on a side note, the reliability being 250 and not 255 usually  indicates a physical problem at layer 1:

 

 

FastEthernet3/1 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is b090.7e88.7813 (bia b090.7e88.7813) Description: FW_RED_IT_1 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 250/255, txload 1/255, rxload 1/255

 

Have you tried basic things like changing the cabling ?

 

 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-27-2018 09:56 AM

Hi,

Do you have the correct IOS installed on the switch (15.0(2)EY)?

see link:

https://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-3000-series-switches/data_sheet_c78-440930.html

HTH

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card